ID

VAR-202406-1440


CVE

CVE-2024-37369


TITLE

Rockwell Automation FactoryTalk View SE Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-30908

DESCRIPTION

A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system. Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation of the United States.

Trust: 1.44

sources: NVD: CVE-2024-37369 // CNVD: CNVD-2024-30908

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-30908

AFFECTED PRODUCTS

vendor: rockwellautomation, model: factorytalk view, scope: gte, version: 12.0

Trust: 1.0

vendor: rockwellautomation, model: factorytalk view, scope: lt, version: 14.0

Trust: 1.0

vendor: rockwell, model: automation factorytalk view se, scope: eq, version: v12

Trust: 0.6

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-37369
value: HIGH

Trust: 1.0

PSIRT@rockwellautomation.com: CVE-2024-37369
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-30908
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-30908
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-37369
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369 // NVD: CVE-2024-37369

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

sources: NVD: CVE-2024-37369

PATCH

title: Patch for Rockwell Automation FactoryTalk View SE Privilege Escalation Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/565681

Trust: 0.6

sources: CNVD: CNVD-2024-30908

EXTERNAL IDS

db: NVD, id: CVE-2024-37369

Trust: 1.6

db: CNVD, id: CNVD-2024-30908

Trust: 0.6

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369

REFERENCES

url: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1674.html

Trust: 1.6

sources: CNVD: CNVD-2024-30908 // NVD: CVE-2024-37369

SOURCES

db: CNVD, id: CNVD-2024-30908
db: NVD, id: CVE-2024-37369

LAST UPDATE DATE

2025-01-31T23:12:07.651000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-30908, date: 2024-07-08T00:00:00
db: NVD, id: CVE-2024-37369, date: 2025-01-31T15:45:19.597

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-30908, date: 2024-07-08T00:00:00
db: NVD, id: CVE-2024-37369, date: 2024-06-14T17:15:51.310